Different DNS host overrides based on IP addr or interface of client?
-
Hello all,
I'm wondering if there's a way to do conditional host overrides with DNS Resolver. For example:
Client #1 at 192.168.20.100 pings foo.com, gets 204.65.44.1
Client #2 at 192.168.20.101 pings foo.com, gets 204.65.44.2If it can't be done by IP address, can it be conditional based on which interface is querying? If this can't be done with DNS resolver, is there another way to accomplish this?
-TM
-
Not possible with Unbound or dnsmasq. You would need the BIND package and use the views feature to match a specific client IP or a set of IPs.
-
Since the update to unbound 1.6 there are views now…
Doesn't look any support for them in the gui as of yet that I see.. But you can for sure do it in the optional box.
So
in the option box I created a view called testview
server: access-control-view: 192.168.9.100/32 testview view: name: "testview" local-zone: "local.lan" static local-data: "test.local.lan. 90 IN A 10.10.10.10"So you can see when I bounce the query off my internal dns that forwards to pfsense, so the query will actually come from 192.168.3.10 vs my box on 192.168.9.100.. I get what I put in as a host override for test.local.lan. When I do the query to unbound from the access-control-view list I created called "testview" I get the entries I put in there. My normal local domain is local.lan - and this is the host override I created for the test.local.lan
You can create the control view to either be a single IP with /32 or any cidr to include the IPs you want. You then just need to create the entries under that view name.. See the above for example
> dig test.local.lan ; <<>> DiG 9.11.0-P3 <<>> test.local.lan ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28904 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;test.local.lan. IN A ;; ANSWER SECTION: test.local.lan. 3600 IN A 192.168.100.100 ;; Query time: 7 msec ;; SERVER: 192.168.3.10#53(192.168.3.10) ;; WHEN: Mon Mar 06 15:55:55 Central Standard Time 2017 ;; MSG SIZE rcvd: 59 > dig @192.168.9.253 test.local.lan ; <<>> DiG 9.11.0-P3 <<>> @192.168.9.253 test.local.lan ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16525 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;test.local.lan. IN A ;; ANSWER SECTION: test.local.lan. 90 IN A 10.10.10.10 ;; Query time: 1 msec ;; SERVER: 192.168.9.253#53(192.168.9.253) ;; WHEN: Mon Mar 06 15:56:14 Central Standard Time 2017 ;; MSG SIZE rcvd: 59
-
Thanks, it work.
only need remember about "server:" in first line of custom options.
I post my screenshot of GUI https://lexxai.blogspot.com/2017/11/pfsense-dns-views.html
